Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-4392

DIH - Need to externalize or encrypt username/password stored within data-config.xml

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0, 4.1
    • Fix Version/s: 5.2, 6.0
    • Labels:
      None

      Description

      Today, the connection (database or otherwise) credentials is wide open in data-config.xml. Not really an issue until someone sends out the config file outside of the server.

      We should look into externalizing the database lookup or providing a way to encrypt the username and password.

      The needs are:

      1/ Some projects want to enable multi-tenancy where data for each core is situated in different database servers w/ their own credentials. We need a way to expose hooks that will allow implementations to be plugged in. It can be done though the "type" attribute on the dataSource, but providing a factory might work better.

      2/ Most orgs are very protective of their credentials and weary of plain-text settings.

      <dataSource name="jdbc" driver="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:@//hostname:port/SID" user="db_username" 
      <!-- This database password is encrypted using AES using the command. pwd.txt contains the actual DB password -->
      <!-- openssl enc -aes-128-cbc -a -salt -in pwd.txt -->
      password="U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o=" 
      <!-- Password to decrypt is stored in this file-->
      encryptKeyFile="/location/of/encryptionkey"
      />
      

        Attachments

        1. SOLR-4392.patch
          8 kB
          Noble Paul
        2. SOLR-4392.patch
          7 kB
          Senthuran Sivananthan

          Issue Links

            Activity

              People

              • Assignee:
                noble.paul Noble Paul
                Reporter:
                senthuran Senthuran Sivananthan
              • Votes:
                1 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: